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1 . A method for transmitting Internet Key Exchange (IKE) data packets 
across a network comprising the steps of: 

generating and transmitting an IKE packet over a network; 

determining whether a response to the IKE packet was received; 

fragmenting the IKE packet into a plurality of smaller packets when a response is 
not received, wherein each of the smaller packets includes a header formatted according 
to the IKE protocol; and 

transmitting each of the plurality of smaller packets over a network. 

2. The method of claim 1 wherein each header includes an identifier that may 
be used to associate the smaller packet with a corresponding IKE packet. 
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3. A network node that communicates with other network nodes according to 
the Internet Key Exchange (IKE) protocol comprising: 

a User Datagram Protocol (UDP) stack that is capable of generating UDP data 
packets for transmission over a network; 

an IKE protocol stack that generates IKE data packets that are subsequently 
processed by the UDP protocol stack; and 

a fragmenter module that intercepts IKE data packets prior to being processed by 
to the UDP protocol stack and splits the IKE data packets into a plurality of smaller data 
packets that may be subsequently formatted by the UDP protocol stack. 

4. A method for fragmenting a data packet comprising the steps of: 
generating an IKE data packet; 

intercepting the IKE data packet before it is passed to a subsequent network 
protocol stack; 

determining a maximum size for fragments of an IKE data packet; 
dividing the IKE data packet into at least two smaller packets; and 
prepending a header to each smaller packet, wherein each header for each smaller 

packet includes an identifier that associates the smaller packet with its corresponding IKE 

data packet. 



5. The method of claim 4 wherein the dividing step is performed such that the 
combined size of each smaller packet and prepended header will not exceed the 
maximum size. 
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6. A method for receiving fragmented Internet Key Exchange (IKE) data 
packets comprising the steps of: 

receiving a plurality of fragments of an IKE data packet from a transmitting node, 
wherein each fragment includes an identifier that associates each fragment with an IKE 
data packet; and 

discarding all fragments that contain a first identifier if a predetermined number of 
fragments are received that contain a second identifier. 

7. The method according to claim 6 wherein the step of discarding all 
fragments that contain a first identifier is performed when at least one fragment is 
received that contains a second identifier. 

8. The method according to claim 6 further comprising the steps of: 
determining whether all fragments that are associated with an IKE data packet 

have been received; and 

sending a no acknowledgment (NAK) message to the transmitting node when at 
least one fragment has not been received. 

9. The method according to claim 6 further comprising the step of 
determining the total size of all fragments that contain the same identifier and discarding 
said fragments when the total size exceeds a predetermined limit. 
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10. The method according to claim 9 wherein the predetermined limit is 64 
kilobytes. 

11. A system for transmitting Internet Key Exchange (IKE) protocol data 
packets across a network comprising: 

means for generating an IKE packet; 

means for detecting whether the IKE packet was successfully received at the 
intended receiver node; and 

means for fragmenting the IKE packets into smaller packets when the IKE packet 
was not successfully received at the receiver node, wherein each of the smaller packets 
includes information that permits a receiver node to identify the IKE packet associated, 
with each smaller packet and the position of each smaller packet within the IKE packet. 

12. The system of claim 1 1 further comprising means for determining the 
capability of the receiver node for receiving fragmented packets. 

13. A method for transmitting data packets across a network comprising the steps 

of: 

generating and transmitting an Internet Key Exchange (IKE) packet over a network; 
determining whether a response to the IKE packet was received; 
fragmenting the IKE packet into a plurality of smaller packets when a response is not 
received; and 

transmitting each of the plurality of smaller packets over a network. 

14. The method of claim 13 wherein each of the plurality of small packets 
contains a header formatted according to the IKE protocol 
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15. The method of claim 1 3 wherein the IKE packet contains a header formatted 
according to the IKE protocol. 

16. The method of claim 1 5 wherein the plurality of smaller packets contain the 
same information as that contained within the original IKE packet. 

1 7. The method of claim 1 6 wherein at least one of the plurality of smaller packets 
contains the header formatted according to the IKE protocol. 

18. A method for transmitting data packets across a network comprising the steps 

of: 

generating a data packet containing Internet Key Exchange (IKE) information; 

determining whether fragmentation of the data packet is necessary to successfully 
transmit the IKE information over a network; and 

fragmenting the data packet if necessary into a plurality of smaller packets that may 
be transmitted over a network. 

19. The method of claim 1 8 wherein the step of determining whether 
fragmentation is necessary is not based exclusively on the size of the data packet. 

20. A method for resolving transmitting errors associated with transmitting 
Internet Key Exchange (IKE) packets via protocol stacks that implement the Transmission 
Control Protocol (TCP), the User Datagram Protocol (UDP), and/or the Internet Protocol (IP) 
comprising the steps of: 

generating a data packet containing IKE data; 

fragmenting the packet with a code module that does not implement the TCP, UDP or 
IP protocols before the packet is processed by a code module that does implement the TCP, 
UDP or IP protocols; and 

transmitting the fragmented packet over a network. 
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21 . The method of claim 20 further including the step of determining whether it is 
necessary to fragment IKE data packets before fragmenting the IKE data packet. 

22. A method for intelligently discarding data packets to efficiently manage 
resources comprising: 

receiving a plurality of data packets containing Internet Key Exchange (IKE) 
information, wherein the packets were transmitted from a transmitting node in a order that 
can be determined from information contained within the received data packets; 

determining from information contained within the received data packets whether any 
of the received packets have been received in an order that differs from the order in which the 
packets were transmitted from the transmitting node; and 

discarding at least certain of the received packets when a predetermined number of 
out of order packets have been received. 

23. The method of claim 22 further including the step of sending a message to the 
transmitting node that out of order packets have been received. 
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